ICO issues warning over staff retaining historical data

The Information Commissioner’s Office has warned employees they could face prosecution for deliberately keeping hold of "historical personal data" after changing jobs.

The regulator has pointed out that under the Data Protection Act 2018, which implemented GDPR into UK law, workers who "knowingly or recklessly" hold onto personal data may face regulatory action.

It covers individuals whose roles involve gathering and handling personal data belonging to clients, customers, or others, either electronically or in paper form. Violations would occur when workers make unnecessary copies of personal data after collection, as well as when they leave their positions and keep this information.

The move follows the ICO’s decision not to take enforcement action against two police officers who had been interviewed by the media about a historic case they had worked on involving an MP.

The two Metropolitan Police officers were investigated under the Data Protection Act 1998, after disclosing details about the case to the media.

However, the regulator has taken action in similar cases. Last year, a former Southwark Council schools admission department apprentice was fined £850 and ordered by pay £713 in costs after illegally sharing personal data about children and their parents.

And in 2017, a charity worker was prosecuted for making his own copies of sensitive data and emailing them to his personal email address without knowledge of his employer Rochdale Connections Trust.

Did you find this content useful?

Thank you for your input

Thank you for your feedback

Next read

Talk of contact tracing apps to tackle COVID-19 serves to highlight the difficult balance between using data to personalise services and robust data protection. Whether your organisation is involved in building these solutions or not, Craig Suckling of IAG Loyalty suggests there are four principles to keep you on the right side of your customers.

You may also be interested in

Fraud costs the government an estimated £31 billion to £49 billion a year. To tackle thist, reforms to the government’s anti-fraud efforts are vital. Satrajit "Satty" Saha of TransUnion in the UK explains how commercial data organisations can play their part.

In this edition, Cathy Pendleton, senior data governance manager at Compare the Market, talks to DataIQ about how to make the protection of data an enabler of new business processes and why this is proving to be an attractive new career option in the industry. Plus diversity at Hastings Direct and KPMG.

Leyre Murillo-Villar is chief data officer and data control lead at BNP Paribas. She is also a member of the Women in Data 20 in Data and Tech list. She told DataIQ about the need to close the gender gap and how data is at the heart of managing risk.